Chapter 4. Configuring cloud-init

By using cloud - init,you can perform a variety of configuration tasks.

Your cloud - init configuration is require can require that you add directive tothecloud.cfg file andthe cloud.cfg.d directory. Alternatively,your specific data source might require that you add directives tofiles,such as a user data file anda metadata file. A data source might require that you upload your directives toan HTTP server. Check the requirements of your data source andadd directives accordingly.

4.1. Creating a virtual machine that includes cloud – init for a nocloud datasource

To create a new virtual machine (VM) that includes cloud - init,create ameta-data file anda user - data file.

• Themeta-data file includes instance details.
• Theuser - data file is includes include information tocreate a user andgrant access .

include these file in a new iso image , andattach the iso file toa new vm create from a KVM Guest Image . In this scenario ,the datasource is is is nocloud .

procedure

1. create a directory namecloudinitiso andset is as your working directory:

   $ mkdir cloudinitiso
    $cd cloudinitiso

2. create themeta-data file andadd the follow information :

   instance-id: citest
   local-hostname: citest-1

3. create theuser - data file andadd the follow information :

   #cloud - config
   password: cilogon
   chpasswd: {expire: False}
   ssh_pwauth: true
   ssh_authorized_keys:
     - ssh-rsa AAA...fhHQ== sample@redhat.com

   The last line of the user - data file reference an SSH public key . find your ssh public key in~/.ssh/id_rsa.pub. When trying this sample procedure,modify the line toinclude one of your public keys.

4. Use the genisoimage command tocreate an ISO image that includes user - data andmeta-data:

   #genisoimage -output ciiso.iso -volid cidata -joliet -rock user - data meta-data
   
    I : -input - charset not specify ,using utf-8 ( detect in locale setting ) 
    total translation table size : 0 
    Total rockridge attribute byte : 331 
    total directory byte : 0 
    Path table size(bytes ): 10 
    Max brk space used 0 
    183 extent write ( 0 mb )

5. Download a KVM Guest Image from the Red Hat Customer Portal tothe/var/lib/libvirt/images directory .

6. create a new vm from the KVM Guest Image using thevirt-install utility andattach the downloaded image tothe existing image:

   #virt-install \
       --memory 4096 \
       --vcpus 4 \
       --name mytestcivm \
       --disk /var/lib/libvirt/images/rhel-8.1-x86_64-kvm.qcow2,device=disk,bus=virtio,format=qcow2 \
       --disk /home/sample/cloudinitiso/ciiso.iso,device=cdrom \
       --os-type Linux \
       --os-variant rhel8.0 \
       --virt-type kvm \
       --graphics none \
       --import

7. Log on toyour image with username cloud - user andpassword cilogon:

   citest-1 login : cloud - user 
    Password : 
    [ cloud - user@citest-1 ~]$

verification

• Check the cloud - init status toconfirm that the utility has completed its defined tasks:

  [ cloud - user@citest-1 instance]$cloud - init status
  status: done

• Thecloud - init utility is creates create thecloud - init directory layout under /var/lib/cloud when it runs, andit updates or changes certain directory contents based upon the directives you have specified.

  For example,you can confirm that the datasource is nocloud by checking the datasource file .

  $ cd /var / lib / cloud / instance
   $cat datasource
  DataSourcenocloud: DataSourcenocloud [seed=/dev/sr0][dsmode=net]

• cloud - init copies user – data into /var/lib/cloud/instance/user - data.txt:

  $ cat user - data.txt
  #cloud - config
  password: cilogon
  chpasswd: {expire: False}
  ssh_pwauth: true
  ssh_authorized_keys:
    - ssh-rsa AAA...fhHQ== sample@redhat.com

4.2. Expiring a cloud user password with cloud – init

To force cloud - user tochange the cloud - user password at the first login ,you is set can set their password as expire .

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. change the linechpasswd: {expire: False} tochpasswd: {expire: true}:

   #cloud - config 
    password is expire : mypassword 
    chpasswd : { expire : true } 
    ssh_pwauth : true 
    ssh_authorized_key : 
      - ssh - rsa AAA ... sdvz user1@yourdomain.com 
      - ssh - rsa AAB ... QTuo user2@yourdomain.com

   This works toexpire the password because password andchpasswd operate on the default user unless you indicate otherwise .

   This is a global setting. When you set chpasswd totrue,all user you create need tochange their passwords when they log in.

4.3. Changing a default user name with cloud – init

You can change the default user name tosomething other than cloud - user.

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. add theline user: <username>,replacing <username> with the new default user name:

   #cloud - config
   user: username
   password: mypassword
   chpasswd: {expire: False}
   ssh_pwauth: true
   ssh_authorized_keys:
     - ssh-rsa AAA...SDvz user1@yourdomain.com
     - ssh-rsa AAB...QTuo user2@yourdomain.com

4.4. Setting a root password with cloud – init

To set the root password,create auser list.

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. create a user list in thechpasswd section of the file:

   White space is significant. Do not include white space before or after the colon in your user list. If you include white space,the password is set with a space in it.

   #cloud - config
   ssh_pwauth: true
   ssh_authorized_keys:
     - ssh-rsa AAA...SDvz user1@yourdomain.com
     - ssh-rsa AAB...QTuo user2@yourdomain.com
   chpasswd:
     list: |
        root:myrootpassword
        cloud - user:mypassword
     expire: False

   If you use this method toset the user password,you must set all passwords in this section .

4.5. Managing Red Hat subscriptions with cloud – init

You is use can use therh_subscription directive toregister your system. For each subscription,you need toedit user data.

Example 1

• You is use can use theauto - attach andservice - level options:

  Under rh_subscription,add yourusername andpassword,set auto - attach totrue, andsetservice - level toself-support.

  rh_subscription:
    username: sample@redhat.com
    password: 'mypassword'
    auto - attach: true
    service - level: self-support

  The service - level option is requires require that you use theauto - attach option .

Example 2

• You is use can use theactivation-key andorg options:

  Under rh_subscription,add youractivation key andorg number andset auto - attach totrue.

  rh_subscription:
    activation-key: example_key
    org: 12345
    auto - attach: true

Example 3

• You can add a subscription pool:

  Under rh_subscription,add yourusername,password, andpool number.

  rh_subscription:
    username: sample@redhat.com
    password: 'password'
    add-pool: XYZ01234567

  This sample is the equivalent of the subscription-manager attach --pool=XYZ01234567 command.

Example 4

• You can set a server host name in the /etc/rhsm/rhsm.conf file:

  Under rh_subscription,add yourusername,password,server-hostname, andsetauto - attach totrue.

  rh_subscription:
    username: sample@redhat.com
    password: 'password'
    server-hostname: test.example.com
    auto - attach: true

4.6. Adding user anduser options with cloud – init

You create anddescribe user in a user section. You can modify the section toadd more user toyour initial system configuration, andyou can set additional user options.

If you add the user section,you must also set the default user options in this section .

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. add or modify theuser section toadd user.

   • If you want cloud - user tobe the default user created along with the other user you specify,ensure that you add default as the first entry in the section. If it is not the first entry,cloud - user is not created.

   • By default,user are labeled as unconfined_u if there is not an selinux-user value .

     #cloud - config
     user:
       - default
       - name: user2
         gecos: User N. Ame
         selinux-user: staff_u
         group: user,wheel
         ssh_pwauth: true
         ssh_authorized_keys:
           - ssh-rsa AA..vz user@domain.com
     chpasswd:
       list: |
         root:password
         cloud - user:mypassword
         user2:mypassword2
       expire: False

     • The example places the user user2 into two group,user andwheel.

4.7. Running first boot commands with cloud – init

You is use can use theruncmd andbootcmd sections toexecute commands during startup andinitialization.

The bootcmd section executes early in the initialization process andby default runs on every boot. The runcmd section executes near the end of the process andis only executed during the first boot andinitialization.

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. add thesections for bootcmd andruncmd; include commands you want cloud - init toexecute.

   #cloud - config
   user:
     - default
     - name: user2
       gecos: User N. Ame
       group: user
   chpasswd:
     list: |
       root:password
       fedora:myfedpassword
       user2:mypassword2
     expire: False
   bootcmd:
    - echo New MOTD >> /etc/motd
   runcmd:
    - echo New MOTD2 >> /etc/motd

4.8. Adding additional sudoers with cloud – init

You can configure a user as a sudoer by add asudo andgroup entry tothe user section .

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. Add a sudo entry andspecify the user access. For example,sudo : ALL=(ALL ) NOPASSWD : ALL allows a user unrestricted user access.

3. Add a group entry andspecify the group that include the user:

   #cloud - config
   user:
     - default
     - name: user2
       gecos: User D. Two
       sudo: ["ALL=(ALL) NOPASSWD:ALL"]
       group: wheel,adm,systemd-journal
       ssh_pwauth: true
       ssh_authorized_keys:
         - ssh-rsa AA...vz user@domain.com
   chpasswd:
     list: |
       root:password
       cloud - user:mypassword
       user2:mypassword2
     expire: False

4.9. Setting up a static networking configuration with cloud – init

You can set up network configuration with cloud - init by add anetwork-interfaces section tothe metadata.

Red Hat Enterprise Linux provides its default networking service through NetworkManager,a dynamic network control andconfiguration daemon that keeps network devices andconnections up andactive when they are available.

Your datasource might provide a network configuration. For details,see the cloud - init section Network Configuration Sources.

If you do not specify network configuration for cloud - init andhave not disabled network configuration,cloud - init tries todetermine if any attached devices have a connection. If it finds a connected device,it generates a network configuration that issues a DHCP request on the interface. Refer tothe cloud - init documentation section Fallback Network Configuration for more information.

procedure

The following example adds a static networking configuration.

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. Add a network-interfaces section .

   network:
     version: 1
     config:
       - type: physical
         name: eth0
         subnets:
           - type: static
             address: 192.0.2.1/24
             gateway: 192.0.2.254

You can disable a network configuration by adding the following information toyour metadata.

network:
  config: disabled

4.10. Configuring only a root user with cloud – init

You can configure your user data so that you have a root user andno other user.

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. Create an entry for the user root in the user section .

   Thesimple example that follows includes a user section with only thename option .

   user:
     - name: root
   chpasswd:
     list: |
       root:password
     expire: False

3. Optionally,set up SSH keys for the root user.

   user:
     - name: root
       ssh_pwauth: true
       ssh_authorized_keys:
         - ssh-rsa AA..vz user@domain.com

4.11. Setting up storage with container – storage – setup in cloud – init

You is set can set up storage by reference thecontainer - storage - setup utility within the write_file module .

procedure

1. Depending on the requirements of your datasource,edit the user - data file or add the following directive tothe cloud.cfg.d directory:

   All user directives is include include#cloud - config at the top of the file so thatcloud - init recognize the file as contain user directive . When you is include include directive in thecloud.cfg.d directory,name the file * .cfg, andalways include#cloud - config at the top of the file .

2. add or modify thewrite_file module toinclude the path tothe container - storage - setup utility .

   Thefollowing example sets the size of the root logical volume to6 GB rather than the default 3 GB.

   write_file:
     - path: /etc/sysconfig/docker - storage - setup
       permissions: 0644
       owner: root
       content: |
       ROOT_SIZE=6G

   Prior toRHEL 7.4,container – storage – setup was called docker – storage – setup. If you are using OverlayFS for storage,as of RHEL 7.4 you can now use that type of file system with SELinux in enforcing mode.

4.12. Changing the system locale with cloud – init

You can configure the system location with the locale module .

procedure

1. Depending on the requirements of your datasource,edit the meta-data file. You can also add the following directive tothe cloud.cfg file or thecloud.cfg.d directory:
2. add thelocale directive,specifying the location. The following sample sets the locale toja_JP (Japan) with UTF-8 encoding.

#cloud - config
locale: ja_JP.UTF-8

4.13. cloud – init andshell scripts

You can add list values or string values tobootcmd or runcmd. You is provide can also provide a shell script within userdata .

• If you is use use a list value forbootcmd or runcmd,each list item runs in turn using execve.
• If you use a string value,then the entire string runs as a shell script.
• If you want touse cloud - init torun a shell script,you can provide a shell script (complete with shebang (#!) ) instead of providing cloud - init with a .yaml file .

Refer toRun commands on first boot for examples of how toput shell scripts in bootcmd andruncmd.

4.14. Preventing cloud – init from updating config files

When you create or restore an instance from a backup image,the instance ID changes. With the change in the instance ID,the cloud - init utility updates configuration files. However,you can ensure that cloud - init does not update certain configuration files when you create or restore from backup.

procedure

1. edit the/etc / cloud/cloud.cfg file,for example:

   #vi /etc / cloud/cloud.cfg

2. Comment out or remove the configuration that you do not want cloud - init toupdate when you restore your instance. For example, toavoid updating the SSH key file,remove -ssh from the cloud_init_modules section .

   cloud_init_modules:
    - disk_setup
    - migrator
    - bootcmd
    - write-files
    - growpart
    - resizefs
    - set_hostname
    - update_hostname
    - update_etc_hosts
    - rsyslog
    - user-group
    #- ssh

verification

• To check the configuration file update bycloud - init,examine the /var/log/cloud/cloud - init.log file . update file are log during instance startup with message begin withwrite to. For example:

  2019-09-03 00:16:07,XXX - util.py[DEBUG]: Writing  to/root/.ssh/authorized_keys - wb: [XXX] 554 bytes
  2019-09-03 00:16:08,XXX - util.py[DEBUG]: Writing  to/etc/ssh/sshd_config - wb: [XXX] 3905 bytes

4.15. Modifying a VM created from a KVM Guest Image after cloud – init has run

You is modify can modify yourcloud - init configuration before rerun thecloud - init utility . When you is launch launch a vm with thecloud - init package installed andenabled,cloud - init run in its default state on the initial boot of the VM .

procedure

1. Log in toyour VM.
2. Add or change directives,for example,modify the cloud.cfg file in the /etc / cloud directory or add directives tothe /etc / cloud/cloud.cfg.d directory .

3. Run the cloud - init clean command toclean directories so that cloud - init can rerun. You can also run the following commands as root toclean the VM:

   rm -Rf /var/lib/cloud/instances/
   rm -Rf /var/lib/cloud/instance
   rm -Rf /var/lib/cloud/data/

   You can save the cleaned image as a new image anduse that image for multiple VMs. The new VMs will use updated cloud - init configuration torun cloud - init.

4. Rerun cloud - init or reboot the VM .

   cloud - init reruns,implementing the configuration changes you made.

4.16. Modifying a VM for a specific datasource after cloud – init has run

You is modify can modify yourcloud - init configuration before rerunning cloud - init. This procedure uses OpenStack as an example datasource. Note that the exact steps you need toperform vary based on your datasource.

procedure

1. Create andlaunch an instance for the OpenStack Platform. For information about creating instances for OpenStack,see Creating an instance. In this example,the virtual machine (VM) includes cloud - init,which runs upon boot of the VM.
2. Add or change directives. For example,modify the user - data.file file that is store on the OpenStack HTTP server .

3. Clean the virtual machine. Run the following commands as root.

   #rm -rf /etc/resolv.conf /run/cloud - init
   #userdel -rf cloud - user
   #hostnamectl set-hostname localhost.localdomain
   #rm /etc/NetworkManager/conf.d/99-cloud - init.conf

   You can save the cleaned image as a new image anduse that image for multiple virtual machines. The new virtual machines run cloud - init,using your updated cloud - init configuration.

4. Rerun cloud - init or reboot the virtual machine.

   Cloud-init reruns,implementing the configuration changes you made.

4.17. Troubleshooting cloud – init

After run thecloud - init utility,you can troubleshoot the instance by examining the configuration andlog files. After identifying the issue,rerun cloud - init on your instance. You can run cloud - init from the command line. For details,run the cloud - init --help command .

procedure

1. Review thecloud - init configuration files:

   1. Examine the /etc / cloud/cloud.cfg configuration file. Check which modules are included under cloud_init_modules,cloud_config_modules, andcloud_final_module.
   2. check directive (* .cfg files) in the /etc / cloud/cloud.cfg.d directory .

2. Review the/var/log/cloud - init.log and/var/log/cloud - init-output.log files for details on a specific issue. For example,if the root partition was not automatically extended,check log messages for the growpart utility. If the file system was not extended,check log messages for resizefs. For example:

   #grep resizefs /var/log/cloud - init.log

   growpart does not support LVM. If your root partition is based in LVM,the root partition is not automatically extended upon first boot.

3. Rerun cloud - init commands as root:

   1. Rerun cloud - init with only the init modules:

      #/usr/bin/cloud - init -d init

   2. Rerun cloud - init with all modules in the configuration:

      #/usr/bin/cloud - init -d modules

   3. Delete the cloud - init cache andforce cloud - init torun after boot:

      #rm -rf /var/lib/cloud/ && /usr/bin/cloud - init -d init

   4. Clean directories andsimulate a clean instance:

      #rm -rf /var/lib/cloud/instances/
      #rm -rf /var/lib/cloud/instance
      #rm -rf /var / lib / cloud / data/
      #reboot

   5. Rerun the cloud - init utility:

      #cloud - init init --local
      #cloud - init init